43 lines
1.3 KiB
Ruby
43 lines
1.3 KiB
Ruby
class DiscourseLoginController < DiscourseController
|
|
before_action -> { require_config_disabled :discourse_sso }
|
|
skip_before_action :authenticate
|
|
|
|
def initiate
|
|
discourse_url = FoodsoftConfig[:discourse_url]
|
|
|
|
nonce = SecureRandom.hex()
|
|
return_sso_url = url_for(action: :callback, only_path: false)
|
|
|
|
session[:discourse_sso_nonce] = nonce
|
|
redirect_to_with_payload "#{discourse_url}/session/sso_provider",
|
|
nonce: nonce,
|
|
return_sso_url: return_sso_url
|
|
end
|
|
|
|
def callback
|
|
raise I18n.t('discourse.callback.invalid_signature') unless valid_signature?
|
|
|
|
payload = parse_payload
|
|
|
|
raise I18n.t('discourse.callback.invalid_nonce') if payload[:nonce] != session[:discourse_sso_nonce]
|
|
|
|
session[:discourse_sso_nonce] = nil
|
|
|
|
id = payload[:external_id].to_i
|
|
user = User.find_or_initialize_by(id: id) do |user|
|
|
user.id = id
|
|
user.password = SecureRandom.random_bytes(25)
|
|
end
|
|
user.nick = payload[:username]
|
|
user.email = payload[:email]
|
|
user.first_name = payload[:name]
|
|
user.last_name = ''
|
|
user.last_login = Time.now
|
|
user.save!
|
|
|
|
login_and_redirect_to_return_to user, notice: I18n.t('discourse.callback.logged_in')
|
|
rescue => error
|
|
redirect_to login_url, alert: error.to_s
|
|
end
|
|
end
|